Closed joaocc closed 1 month ago
The module is not aware of what is installed onto the cluster, but you can disable these rules by setting node_security_group_enable_recommended_rules = false.
Closing since this is configurable by users.
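The setting named in the reply above, as an added configuration sketch that is not part of the original thread or the module's own examples. The cluster name, VPC ID, subnet IDs and rule keys are constructed placeholders, and the rule attributes follow the `self = true` form the issue describes.

```hcl
# Added example (not from the thread). Placeholder values are marked.
module "eks" {
  source = "terraform-aws-modules/eks/aws"

  cluster_name = "example-cluster"                 # placeholder
  vpc_id       = "vpc-PLACEHOLDER"                 # placeholder
  subnet_ids   = ["subnet-PLACEHOLDER-A", "subnet-PLACEHOLDER-B"]

  # Stop the module from adding its recommended node security group rules.
  # This is all-or-nothing: the 8443 and 9443 rules go away together with
  # every other recommended rule the module would otherwise create.
  node_security_group_enable_recommended_rules = false

  # Declare only the rules this cluster actually needs. With the recommended
  # set disabled, these keys no longer compete with module-managed rules
  # for the same ports.
  node_security_group_additional_rules = {
    ingress_self_8443 = {                          # hypothetical rule key
      description = "Node to node 8443/tcp"
      protocol    = "tcp"
      from_port   = 8443
      to_port     = 8443
      type        = "ingress"
      self        = true
    }
    ingress_self_9443 = {                          # hypothetical rule key
      description = "Node to node 9443/tcp"
      protocol    = "tcp"
      from_port   = 9443
      to_port     = 9443
      type        = "ingress"
      self        = true
    }
  }
}
```

Because the flag removes the whole recommended set, review the `terraform plan` output for rules that disappear and re-declare any the workloads still depend on in the same map.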
Description
In lines https://github.com/terraform-aws-modules/terraform-aws-eks/blob/705eb80cfacf563f74f760261c2154d2fd9f1d87/node_groups.tf#L158 and https://github.com/terraform-aws-modules/terraform-aws-eks/blob/705eb80cfacf563f74f760261c2154d2fd9f1d87/node_groups.tf#L167, the module is adding ports 8443 and 9443. These should only be added if the respective modules are being installed/enabled. We just had a case where we needed to open the ports for another purpose, and we kept getting duplicates and messages pointing to this https://github.com/hashicorp/terraform/pull/2376. In addition, this is opening unnecessary ports, unrelated to the settings of the components that originate them.
Versions
N/A
Reproduction Code [Required]
Any code trying to add ports 8443 and 9443 (with self=true) to node_security_group_additional_rules, with var.node_security_group_enable_recommended_rules set to true
Expected behavior
If neither Karpenter nor AWS ALB ingress are enabled, the ports should not be added to the list of recommended ports.
Actual behavior
Ports are added to the list of recommended ports even when Karpenter and AWS ALB are not added.